Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory corruption, use-after-free error and memory safety bugs, etc. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
> Firefox prior to version 52
> Firefox ESR prior to version 45.8
A successful attack could lead to arbitrary code execution, denial of service, information disclosure, security restriction bypass, or application crash on an affected system.
Mozilla has released new versions of the product to address the issues and they can be downloaded at the following URLs:
> Firefox 52 for Windows, Macintosh 及 Linux
https://www.mozilla.org/en-US/firefox/all.html
> Firefox ESR 45.8 for Windows, Macintosh and Linux
https://www.mozilla.org/en-US/firefox/organizations/all/
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://www.mozilla.org/security/advisories/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/
https://www.hkcert.org/my_url/en/alert/17030803
https://www.us-cert.gov/ncas/current-activity/2017/03/07/Mozilla-Releases-Security-Update
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398 (to CVE-2017-5422)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5425 (to CVE-2017-5427)